CVE-2011-3339

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.

Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el "Admin Control Center" de Sentinel HASP Run-time Environment 5.95 y versiones anteriores de SafeNet Sentinel HASP (anteriormente Aladdin HASP SRM) run-time installer en versiones anteriores a 6.x y SDK anteriores a 5.11, tal como se utiliza en 7 Technologies (7T) IGSS 7 y otros productos, si Firefox 2.0 es utilizado, permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores desconocidos que provocan el acceso de escritura al archivo de configuración.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-08-29 CVE Reserved
2011-12-17 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/bid/51028	Vdb Entry
http://www.us-cert.gov/control_systems/pdf/ICSA-11-314-01.pdf	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/71789	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.safenet-inc.com/support-downloads/sentinel-drivers/CVE-2011-3339	2017-08-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
7t Search vendor "7t"	Igss Search vendor "7t" for product "Igss"	7 Search vendor "7t" for product "Igss" and version "7"	-	Affected	in	Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"	-	Safe
Safenet-inc Search vendor "Safenet-inc"	Sentinel Hasp Run-time Search vendor "Safenet-inc" for product "Sentinel Hasp Run-time"	<= 5.95 Search vendor "Safenet-inc" for product "Sentinel Hasp Run-time" and version " <= 5.95"	-	Affected	in	Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"	-	Safe
Safenet-inc Search vendor "Safenet-inc"	Sentinel Hasp Sdk Search vendor "Safenet-inc" for product "Sentinel Hasp Sdk"	<= 5.10 Search vendor "Safenet-inc" for product "Sentinel Hasp Sdk" and version " <= 5.10"	-	Affected	in	Mozilla Search vendor "Mozilla"	Firefox Search vendor "Mozilla" for product "Firefox"	2.0 Search vendor "Mozilla" for product "Firefox" and version "2.0"	-	Safe